More Tips On Protecting Your Virtual Meetings to Avoid a Cybersecurity Breach: An Update

PDF
| FG Law Blog
Krishna Jani & Donna Urban

At this point, many of us are well into our fourth or fifth week of quarantine due to the outbreak of COVID-19. Even for those of us who are fortunate enough to be able to work remotely from our homes, this comes with certain challenges, including potential security issues with virtual conferencing. In our first installment about virtual meetings, and their unintended vulnerabilities, we provided some guidance on how you and your staff might implement certain strategies to keep your virtual conferences as safe as possible from hackers and trolls. In this new installment, we will provide further guidance on staying safe amidst emerging privacy and security concerns associated with virtual meeting platforms.

Zoom Announces Updates to its Data Privacy and Security Measures

On April 1, 2020, the Chief Operating Officer of Zoom, Eric Yuan, announced certain changes that Zoom is making to enhance its virtual meeting spaces. On April 14th, the Chief Product Officer of Zoom, Oded Gal, provided clarification on those enhancements to those of us who are using Zoom during quarantine.

For example, right now Zoom recommends recording your meetings whenever practicable to ensure a forensic trail is created, as stated above. In addition, Zoom recommends taking a screenshot whenever a bad actor enters your virtual meeting. Then, you can report this intruder on Zoom’s website. And starting this coming weekend, Zoom will be releasing a new security feature built into the app, which will allow users to send a report to Zoom right from the security button should any unwanted interference arise.

Other Noteworthy Developments

Zoom announced that as of April 1, 2020, it would freeze all future product development except for data privacy and security updates for the following 90 days. Moreover, beginning April 18, 2020, every paid Zoom customer will be able to customize which data center regions their account can use for its real-time meeting traffic. By default, however, there will be no connection to any data centers in China beginning April 18, 2020 for all users. Additionally, users with an “.edu” registered email address are automatically given the highest level of security in their meetings, and this will continue. Zoom has begun to address user demands for a “kid-friendly” interface, but it has not yet launched any such interface.

Other virtual meeting platforms, such as GoToMeeting, have also enacted enhanced security protections in their respective applications. For example, GoToMeeting gathers cyber threat intel through partnerships including external intelligence communities, personal and professional sharing groups, and its own internal research to collect Indicators of Compromise or IoC data. IoC can include forensic data such as IP addresses, domains, hashes, and pulls them into its threat intelligence platform to reduce the risk of cyber threats.

Still though, platforms like Zoom and GoToMeeting urge users to utilize additional security measures as outlined in our previous blog post, and above, to provide the greatest level of privacy and data security for your virtual meetings.

Updates on Regulatory Guidance

On April 8th, Senator Edward Markey, whose priorities include telecommunications, technology, and privacy policy, urged the Federal Trade Commission (FTC) to publish industry cybersecurity guidelines “for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.”

In Senator Markey’s letter, he urges that the guidance cover, at a minimum, the following topics:

Senator Markey also requests that the FTC develop best practices for online conferencing users, so that they can make informed, safe decisions when choosing and using these platforms. He requests that these best practices cover at least the following topics:

To date, the FTC has not published new guidelines.

Remember to have a plan and be prepared. Stay safe, everyone!

If you have any questions, please feel free to reach out to Donna Urban, Krishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups.  

Donna T. Urban is a member of Flaster Greenberg’s Commercial Litigation and Environmental Law Departments concentrating her practice in telecommunications law, environmental regulation and litigation, and privacy and data security. She is a seasoned litigator, and for more than 20 years has successfully represented business clients in contract disputes, regulatory matters, and complex negotiations. She can be reached at donna.urban@flastergreenberg.com or 856.661.2285.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

Practice Areas

In light of recent changes to data protection laws, we have updated our Privacy Policy and Terms & Conditions, which explain how we collect, use, maintain, and secure your information. By using this site, you agree to our updated Privacy & Terms of Use Policies